Scanning mails from Exim4 through ClamAV on Debian Sarge

This article was first written in November 2005 for the BeezNest technical
website (
The following has been tested on Debian Sarge, but may work with later versions. Follow this procedure if you refused to split the Exim4 configuration as debconf proposes. If you did split it, it would be slightly different. You will need to have package exim4-daemon-heavy, as exim4-daemon-light does not ship with the required support for that feature.
  1. Add clamav user to group Debian-exim [1]
  2. Add AllowSupplementaryGroups option to /etc/clamav/clamd.conf (and restart service clamav-daemon)
  3. Create directory /var/spool/exim4/scan and make sure owner is Debian-exim:Debian-exim and is group-writable
  4. Add line av_scanner='clamd:/var/run/clamav/clamd.ctl' [2] to /etc/exim4/update-exim4.conf.conf
  5. Add the following code to /etc/exim4/exim4.conf.template in section related to 40_exim4-config_check_data:
   message = This message contains a virus: ($malware_name) please scan your system.
   demime = *
   malware = *
6. Then, run script update-exim4.conf as root and restart service exim4.See also this article:
[1] adduser clamav Debian-exim [2] if clamd is running locally, otherwise use for example av_scanner='clamd: 3310'